'\" t
.TH "SYSTEMD\-RANDOM\-SEED\&.SERVICE" "8" "" "systemd 257.1" "systemd-random-seed.service"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-random-seed.service, systemd-random-seed \- Load and save the OS system random seed at boot and shutdown
.SH "SYNOPSIS"
.PP
systemd\-random\-seed\&.service
.PP
/usr/lib/systemd/systemd\-random\-seed
.SH "DESCRIPTION"
.PP
systemd\-random\-seed\&.service
is a service that loads an on\-disk random seed into the kernel entropy pool during boot and saves it at shutdown\&. See
\fBrandom\fR(4)
for details\&. By default, no entropy is credited when the random seed is written into the kernel entropy pool, but this may be changed with
\fI$SYSTEMD_RANDOM_SEED_CREDIT\fR, see below\&. On disk the random seed is stored in
/var/lib/systemd/random\-seed\&.
.PP
Note that this service runs relatively late during the early boot phase, i\&.e\&. generally after the initrd phase has finished and the
/var/
file system has been mounted\&. Many system services require entropy much earlier than this \(em this service is hence of limited use for complex system\&. It is recommended to use a boot loader that can pass an initial random seed to the kernel to ensure that entropy is available from earliest boot on, for example
\fBsystemd-boot\fR(7), with its
\fBbootctl random\-seed\fR
functionality\&.
.PP
When loading the random seed from disk, the file is immediately updated with a new seed retrieved from the kernel, in order to ensure no two boots operate with the same random seed\&. This new seed is retrieved synchronously from the kernel, which means the service will not complete start\-up until the random pool is fully initialized\&. On entropy\-starved systems this may take a while\&. This functionality is intended to be used as synchronization point for ordering services that require an initialized entropy pool to function securely (i\&.e\&. services that access
/dev/urandom
without any further precautions)\&.
.PP
Care should be taken when creating OS images that are replicated to multiple systems: if the random seed file is included unmodified each system will initialize its entropy pool with the same data, and thus \(em if otherwise entropy\-starved \(em generate the same or at least guessable random seed streams\&. As a safety precaution crediting entropy is thus disabled by default\&. It is recommended to remove the random seed from OS images intended for replication on multiple systems, in which case it is safe to enable entropy crediting, see below\&. Also see
\m[blue]\fBSafely Building Images\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
See
\m[blue]\fBRandom Seeds\fR\m[]\&\s-2\u[2]\d\s+2
for further information\&.
.SH "ENVIRONMENT"
.PP
\fI$SYSTEMD_RANDOM_SEED_CREDIT\fR
.RS 4
By default,
systemd\-random\-seed\&.service
does not credit any entropy when loading the random seed\&. With this option this behaviour may be changed: it either takes a boolean parameter or the special string
"force"\&. Defaults to false, in which case no entropy is credited\&. If true, entropy is credited if the random seed file and system state pass various superficial concisistency checks\&. If set to
"force"
entropy is credited, regardless of these checks, as long as the random seed file exists\&.
.sp
Added in version 243\&.
.RE
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1), \fBrandom\fR(4), \fBsystemd-boot\fR(7), \fBsystemd-stub\fR(7), \fBbootctl\fR(1), \fBsystemd-boot-random-seed.service\fR(8)
.SH "NOTES"
.IP " 1." 4
Safely Building Images
.RS 4
\%https://systemd.io/BUILDING_IMAGES
.RE
.IP " 2." 4
Random Seeds
.RS 4
\%https://systemd.io/RANDOM_SEEDS
.RE
